Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to address 1st-party tracker blocking? #6538

Closed
aeris opened this issue Nov 10, 2019 · 9 comments
Closed

How to address 1st-party tracker blocking? #6538

aeris opened this issue Nov 10, 2019 · 9 comments

Comments

@aeris
Copy link

@aeris aeris commented Nov 10, 2019

Helle here!

Since friday, we hit a case of 1st-party tracking that seems to be unblockable.

This occurs on https://www.liberation.fr/, embedding a 1st-party tracker f7ds.liberation.fr, which point to a ugly tracking provider Eulerian via the CNAME liberation.eulerian.net.

This provider clearly states it provide unblockable tracker
EJAeTXvWwAAqTPz
EJAwd5wWkAAjmsN

Seems Criteo starts to ask the same to their customer, with 1st-party tracking pointing to *.dnsdelegation.io subdomain.

In this case, it seems really difficult to block such tracker by tools like uBlock:

  • subdomain is mostly random (f7ds.example.org), even if we found some ea.* pattern
  • detection can sometime be done with CNAME resolution (to *.eulerian.net or *.dnsdelegation.io), but this is difficult to integrate to browser (those steps are internal to DNS client resolver)
  • IP filtering is not efficient, tracker provider can easily change IP without notifying it customers. CNAME change is more complex, but provider can generate quite a bunch on random subdomain in advance and ask it customer to change the subdomain in case of too high blocking (or proactively trigger a rotation each X days).

Do you have any way to detect then block such content from the browser?
The only (not so) efficient way I have at the moment is using DNS tools like PiHole to blacklist range of IP and CNAME pattern resolution (with regex, hostfile not usable here). And even this way, it doesn't cover all the possible case… Even tools like µMatrix seems totally inefficient on such tracker…

@llacb47

This comment has been minimized.

Copy link
Contributor

@llacb47 llacb47 commented Nov 10, 2019

Maybe a scriptlet? Are there other sites on which this tracking is used?

@aeris

This comment has been minimized.

Copy link
Author

@aeris aeris commented Nov 10, 2019

With DNS analysis, we found at least those customers.
Acadomia, Attractiv World, Conforama, Carrefour, Center Parks, Celio, Corsair, Devialet, Leclerc, Easy Voyage, La Redoute, Futuroscope, Française des Jeux, FNAC, Look Voyage, Lafuma, Malakoff Médéric, Michelin, Monoprix, Numericable, Office Dépôt, Ooreka, Photobox, Petit Bateau, Pixmania, PMU, Tam Tam, Promofarma, Quiksilver, Skoda, Smartbox, Locasun, Vente Unique, Voyage Privé, Voyages SNCF, Virgin Mobile, and so more (700+ domains found).
It doesn't say it's currently on production, but DNS delegation and CNAME are ready to be deployed on 1st-party sites.

@aeris

This comment has been minimized.

Copy link
Author

@aeris aeris commented Nov 10, 2019

At least one already in production on oui.sncf
2019-11-10T15-02-30
2019-11-10T15-03-56

@llacb47

This comment has been minimized.

Copy link
Contributor

@llacb47 llacb47 commented Nov 10, 2019

@aeris for uBo add:

liberation.fr,officedepot.fr,oui.sncf##+js(acis, document.createElement, /parseInt.+?3600000/)

However the domain names don't seem to change so they can probably be blocked in EasyPrivacy.

okiehsch added a commit that referenced this issue Nov 10, 2019
@okiehsch

This comment has been minimized.

Copy link
Contributor

@okiehsch okiehsch commented Nov 10, 2019

Do you have any way to detect then block such content from the browser?

We can disable the inline-script that triggers the 1st party scripts
image

I added
liberation.fr,officedepot.fr,oui.sncf##+js(acis, document.createElement, '.js')
to uBO-privacy.

okiehsch added a commit that referenced this issue Nov 13, 2019
@mapx- mapx- closed this Nov 19, 2019
@krystian3w

This comment has been minimized.

@guillaumef

This comment has been minimized.

Copy link

@guillaumef guillaumef commented Nov 26, 2019

This domain is owned by a https://uniregistry.com ... a registrar reseller.
The domain is for sale...

$ dig +short aeris.liberation.net
69.172.201.153
It is called a wildcard ...
*.liberation.net IN A 69.172.201.153

You made a typo and you have a lot of imagination, conspiracy theory ?
Eulerian is using f7ds.liberation.fr and nothing changed.

@aeris

This comment has been minimized.

Copy link
Author

@aeris aeris commented Nov 26, 2019

Oh my god, I miss the domain 😭 Sorry… 😨

@aeris aeris closed this Nov 26, 2019
@uBlock-user

This comment has been minimized.

Copy link
Member

@uBlock-user uBlock-user commented Nov 28, 2019

https://trackingthetrackers.com/

Should help filterlist maintainers collecting/checking domains there before adding.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.